From e2e1e4913085cca8917e0f69171dc28d3c6af1b6 Mon Sep 17 00:00:00 2001
From: Henrique Dias <mail@hacdias.com>
Date: Thu, 26 Jun 2025 15:19:13 +0200
Subject: [PATCH] fix: check exact match on command allow list

---
 runner/parser.go |  2 +-
 users/users.go   | 10 ++--------
 2 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/runner/parser.go b/runner/parser.go
index 6fd64a4b..8c7c13a2 100644
--- a/runner/parser.go
+++ b/runner/parser.go
@@ -8,7 +8,7 @@ import (
 
 // ParseCommand parses the command taking in account if the current
 // instance uses a shell to run the commands or just calls the binary
-// directyly.
+// directly.
 func ParseCommand(s *settings.Settings, raw string) ([]string, error) {
 	var command []string
 
diff --git a/users/users.go b/users/users.go
index ec613856..01eb294c 100644
--- a/users/users.go
+++ b/users/users.go
@@ -2,7 +2,7 @@ package users
 
 import (
 	"path/filepath"
-	"regexp"
+	"slices"
 
 	"github.com/spf13/afero"
 
@@ -111,11 +111,5 @@ func (u *User) CanExecute(command string) bool {
 		return false
 	}
 
-	for _, cmd := range u.Commands {
-		if regexp.MustCompile(cmd).MatchString(command) {
-			return true
-		}
-	}
-
-	return false
+	return slices.Contains(u.Commands, command)
 }